Export limit exceeded: 364500 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3611 1 Vrnews 1 Vrnews 2026-04-23 N/A
admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter.
CVE-2007-3666 1 Symantec 1 Norton Ghost 2026-04-23 N/A
Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 allows remote attackers to execute arbitrary code via the Connect function.
CVE-2007-3636 1 Squirrelmail 2 Gpg Plugin, Squirrelmail 2026-04-23 N/A
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.
CVE-2007-3644 1 Freebsd 1 Libarchive 2026-04-23 N/A
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive.
CVE-2007-3660 1 Nonnoi Solutions 1 Asp Barcode 2026-04-23 N/A
The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows remote attackers to overwrite arbitrary files via an argument to the SaveBarcode function.
CVE-2007-3941 1 Jasmine 1 Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS 1.0_1 allows remote authenticated users to inject arbitrary web script or HTML via the profile_email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3964 1 Itaka 1 Itaka 2026-04-23 N/A
Itaka before 0.2.1, when using Authentication mode, allows remote attackers to bypass authentication and obtain sensitive information by downloading screenshots via a direct request for /screenshot.
CVE-2007-3969 1 Panda 1 Panda Antivirus 2026-04-23 N/A
Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around."
CVE-2007-3982 1 Datadynamics 1 Activereports 2026-04-23 N/A
Absolute path traversal vulnerability in the Data Dynamics ActiveReport (ActiveReports) ActiveX control in actrpt2.dll 2.5 and earlier allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveLayout method.
CVE-2006-7129 1 Iss 1 Blackice Pc Protection 2026-04-23 N/A
ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files.
CVE-2007-4010 1 Php 1 Php 2026-04-23 N/A
The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.
CVE-2007-4017 1 Citrix 1 Access Gateway 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators.
CVE-2007-4059 1 Vmware 1 Workstation 2026-04-23 N/A
Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method.
CVE-2007-4067 1 Clever Components 1 Internet Activex Suite 2026-04-23 N/A
Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the GetToFile method. NOTE: some of these details are obtained from third party information.
CVE-2007-4080 1 Alstrasoft 1 E-friends 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564.
CVE-2007-4082 1 Alstrasoft 1 Article Manager Pro 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
CVE-2007-4099 1 Tor 1 Tor 2026-04-23 N/A
Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks.
CVE-2007-4106 1 Codewidgets 2 Pay Roll - Time Sheet, Punch Card 2026-04-23 N/A
SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface allows remote attackers to execute arbitrary SQL commands via the Password parameter.
CVE-2007-4114 1 Suskunduygular 1 Suskunduygular Uyelik Sistemi 2026-04-23 N/A
Multiple SQL injection vulnerabilities in unuttum.asp in SuskunDuygular Uyelik Sistemi 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) kadi or (2) email parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-4133 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors.